CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1952
https://notcve.org/view.php?id=CVE-2018-1952
14 Mar 2019 — IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153495. IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager, desde la versión 5.0 hasta la 6.0.6) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permit... • http://www.ibm.com/support/docview.wss?uid=ibm10875340 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1910
https://notcve.org/view.php?id=CVE-2018-1910
14 Mar 2019 — IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152734. IBM Rational Engineering Lifecycle Manager, desde la versión 5.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbi... • http://www.ibm.com/support/docview.wss?uid=ibm10875372 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1929
https://notcve.org/view.php?id=CVE-2018-1929
14 Mar 2019 — IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 could allow a malicious user to be allowed to view any view if he knows the URL link of a the view, and access information that should not be able to see. IBM X-Force ID: 153120. IBM Rational Engineering Lifecycle Manager, desde la versión 5.0 hasta la 6.0.6, podría permitir que un usuario malicioso pueda visualizar cualquier vista si conoce la URL de una vista y acceder a información que no debería ser capaz de ver. IBM X-Force ID: 153120. • http://www.ibm.com/support/docview.wss?uid=ibm10875372 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1916
https://notcve.org/view.php?id=CVE-2018-1916
14 Mar 2019 — IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152740. IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager, desde la versión 5.0 hasta la 6.0.6) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permit... • http://www.ibm.com/support/docview.wss?uid=ibm10875340 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1914
https://notcve.org/view.php?id=CVE-2018-1914
14 Mar 2019 — IBM Rational Engineering Lifecycle Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152738. IBM Rational Engineering Lifecycle Manager, desde la versión 5.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbi... • http://www.ibm.com/support/docview.wss?uid=ibm10875372 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1688
https://notcve.org/view.php?id=CVE-2018-1688
14 Mar 2019 — IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145509. IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management, desde la versión 5.0 hasta la 6.0.6) es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabili... • http://www.ibm.com/support/docview.wss?uid=ibm10875340 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1762
https://notcve.org/view.php?id=CVE-2018-1762
29 Nov 2018 — IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148616. IBM Rational Collaborative Lifecycle Management desde la versión 5.0 hasta la 5.0.2 y desde la versión 6.0 hasta la 6.0.6, es vulnerable a Cross-Site Scripting (XSS).... • http://www.securityfocus.com/bid/106053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1606
https://notcve.org/view.php?id=CVE-2018-1606
06 Nov 2018 — IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM ... • http://www.ibm.com/support/docview.wss?uid=ibm10738301 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0CVE-2018-1694
https://notcve.org/view.php?id=CVE-2018-1694
06 Nov 2018 — IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Ration... • http://www.ibm.com/support/docview.wss?uid=ibm10738301 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1846
https://notcve.org/view.php?id=CVE-2018-1846
02 Nov 2018 — IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150945. IBM Rational Engineering Lifecycle Manager de la versión 5.0 a la 5.0.2 y de la versión 6.0 a la 6.0.6 es vulnerable a ataques de tipo XML External Entity Injection (XXE) al procesar datos XML. Un atacant... • http://www.ibm.com/support/docview.wss?uid=ibm10738075 • CWE-611: Improper Restriction of XML External Entity Reference •